Description
ELSA-2023-2898: libtar security update (MODERATE)
[1.2.20-17]
- fix use-after-free bugs introduced by incorrect memleak fixes (CVE-2021-33640)
[1.2.20-16]
- fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-33646)
- fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)
Updated packages
Oracle Linux 8
Oracle Linux aarch64
libtar
1.2.20-17.el8
Oracle Linux x86_64
libtar
1.2.20-17.el8
Related vulnerabilities
CVSS3: 9.1
ubuntu
almost 3 years ago
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
CVSS3: 7.4
redhat
almost 3 years ago
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
CVSS3: 9.1
nvd
almost 3 years ago
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.